Lazarus-Linked macOS Malware Targets Traditional Businesses and Crypto Companies

A new macOS malware campaign has been discovered, linked to the North Korea-linked Lazarus Group. The 'Mach-O Man' malware kit is designed to bypass traditional controls and gain access to credentials and corporate systems.

The malware is distributed via social engineering schemes, where victims are lured into a fake Zoom or Google Meet call that prompts them to execute commands that download the malware in the background.

Researchers warn that this campaign can lead to account takeovers, financial losses, and data exposure. The malware's final stage is a stealer designed to extract sensitive information from infected devices.

The Lazarus Group has been linked to some of the largest cryptocurrency hacks, including the $1.4 billion hack of Bybit exchange in 2025. This campaign underscores how the group continues to expand its targeting beyond crypto-native companies.